Chris Rohlf discovered that the "Gtk::MessageDialog.new()" method in
the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the
"message" parameter before passing it to the gtk_message_dialog_new()
function.
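
gtk_message_dialog_new() takes its message argument as a printf-style format, so the usual remedy is to pass a constant "%s" format and supply the message only as data. The C code below is an added example, not code from Ruby-GNOME2 or GTK: dialog_text_new() is a hypothetical stand-in for the GTK call, the helper names are assumptions, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for gtk_message_dialog_new(): its last fixed
 * argument is a printf-style format. Returns malloc'd text; caller frees. */
static char *dialog_text_new(const char *message_format, ...)
{
    va_list ap, ap2;
    char *out = NULL;
    va_start(ap, message_format);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, message_format, ap);
    if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL)
        vsnprintf(out, (size_t)n + 1, message_format, ap2);
    va_end(ap2);
    va_end(ap);
    return out;
}

/* Hardened call: constant format; the unsafe form is dialog_text_new(message). */
char *dialog_text_from_message(const char *message)
{
    return dialog_text_new("%s", message ? message : "");
}

/* Where the format slot cannot change: double each '%'. Caller frees. */
char *escape_percent(const char *message)
{
    char *out = malloc(2 * strlen(message) + 1), *p = out;
    if (!out) return NULL;
    for (; *message; message++) {
        if (*message == '%') *p++ = '%';
        *p++ = *message;
    }
    *p = '\0';
    return out;
}

int main(void)
{
    const char *msg = "Disk 100% full: %d items"; /* constructed sample */
    char *a = dialog_text_from_message(msg), *esc = escape_percent(msg);
    char *b = esc ? dialog_text_new(esc) : NULL;
    printf("%s\n%s\n", a ? a : "(alloc failed)", b ? b : "(alloc failed)");
    free(a); free(esc); free(b);
    return 0;
}
```

Both paths display the message verbatim, including its literal '%' characters, because no conversion in the message is ever interpreted by the formatter.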

Impact

A remote attacker could send a specially crafted string to an
application using Ruby-GNOME2, possibly leading to the execution of
arbitrary code with the privileges of the user running the application.